7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.022 Low
EPSS
Percentile
89.4%
The developers of Gaim, an instant messenger client that combines several different networks, found a vulnerability in the hyperlink handling code. The ‘Manual’ browser command passes an untrusted string to the shell without escaping or reliable quoting, permitting an attacker to execute arbitrary commands on the users machine.
Unfortunately, Gaim doesn’t display the hyperlink before the user clicks on it. Users who use other inbuilt browser commands aren’t vulnerable.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-158. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(14995);
script_version("1.21");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2002-0989");
script_bugtraq_id(5574);
script_xref(name:"DSA", value:"158");
script_name(english:"Debian DSA-158-1 : gaim - arbitrary program execution");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"The developers of Gaim, an instant messenger client that combines
several different networks, found a vulnerability in the hyperlink
handling code. The 'Manual' browser command passes an untrusted string
to the shell without escaping or reliable quoting, permitting an
attacker to execute arbitrary commands on the users machine.
Unfortunately, Gaim doesn't display the hyperlink before the user
clicks on it. Users who use other inbuilt browser commands aren't
vulnerable."
);
script_set_attribute(
attribute:"see_also",
value:"http://www.debian.org/security/2002/dsa-158"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the gaim package immediately.
This problem has been fixed in version 0.58-2.2 for the current stable
distribution (woody) and in version 0.59.1-2 for the unstable
distribution (sid). The old stable distribution (potato) is not
affected since it doesn't ship the Gaim program.
The fixed version of Gaim no longer passes the user's manual browser
command to the shell. Commands which contain the %s in quotes will
need to be amended, so they don't contain any quotes. The 'Manual'
browser command can be edited in the 'General' pane of the
'Preferences' dialog, which can be accessed by clicking 'Options' from
the login window, or 'Tools' and then 'Preferences' from the menu bar
in the buddy list window."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gaim");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
script_set_attribute(attribute:"patch_publication_date", value:"2002/08/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
script_set_attribute(attribute:"vuln_publication_date", value:"2002/08/27");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"3.0", prefix:"gaim", reference:"0.58-2.2")) flag++;
if (deb_check(release:"3.0", prefix:"gaim-common", reference:"0.58-2.2")) flag++;
if (deb_check(release:"3.0", prefix:"gaim-gnome", reference:"0.58-2.2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version | CPE |
---|---|---|---|
debian | debian_linux | gaim | p-cpe:/a:debian:debian_linux:gaim |
debian | debian_linux | 3.0 | cpe:/o:debian:debian_linux:3.0 |